Privacy Policy

Effective Date: February 13, 2026

This Privacy Policy ("Policy") describes how Hitgrove Enterprises (operating as "Shopdop.in", "we", "us", or "our"), with its principal place of business at Basement, C-40, Sector 58, Noida, Uttar Pradesh – 201301, collects, uses, discloses, stores, protects, and processes your personal information when you access or use our website shopdop.in (the "Site"), mobile applications, or any related services (collectively, the "Service"). We are committed to protecting your privacy and ensuring compliance with all applicable laws, including but not limited to the Digital Personal Data Protection Act, 2023 ("DPDP Act"), Information Technology Act, 2000 (as amended) ("IT Act"), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), Consumer Protection Act, 2019, Consumer Protection (E-Commerce) Rules, 2020, Cigarettes and Other Tobacco Products Act, 2003 ("COTPA"), and other relevant regulations (collectively, "Applicable Laws").

By accessing or using the Site or Service, or by providing any personal information to us, you consent to the collection, use, disclosure, storage, and processing of your personal information as described in this Policy. If you do not agree with any part of this Policy, please do not use the Site or Service or provide any personal information to us. This Policy is incorporated into and forms part of our Terms of Service.

We reserve the right to update or modify this Policy at any time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of material changes by posting the updated Policy on the Site with a revised effective date. Your continued use of the Site or Service after such changes constitutes your acceptance of the revised Policy. It is your responsibility to review this Policy periodically.

1. INFORMATION WE COLLECT

We collect personal information that you voluntarily provide to us, as well as information automatically collected when you interact with the Site or Service. The types of information we collect include:

1.1 Personal Information You Provide

  • Account and Registration Data: When you create an account, register, or place an order, we collect details such as your name, email address, phone number, billing/shipping address, date of birth (for age verification under COTPA), and government-issued ID details (e.g., Aadhaar or PAN number, if required for verification of age or delivery compliance).
  • Payment Information: When you make a purchase, we collect payment details such as credit/debit card numbers, expiration dates, CVV, UPI IDs, or bank account information. This data is processed through secure third-party payment gateways (e.g., CCAvenue, Razorpay, Paytm) and is not stored on our servers except as necessary for transaction records in encrypted form.
  • Order and Communication Data: Information related to your orders, including product preferences, purchase history, delivery instructions, and any communications with our customer support (e.g., emails, chats, or calls).
  • Age Verification Data: For tobacco-related products, we collect proof of age (e.g., DOB, ID scans) to ensure compliance with COTPA Section 6 (prohibiting sales to minors under 18). This data is handled as sensitive personal data under SPDI Rules.
  • Feedback and Submissions: Reviews, comments, ratings, or any user-generated content you submit, which may include personal details.

1.2 Automatically Collected Information

  • Device and Usage Data: IP address, browser type, operating system, device identifiers, pages viewed, time spent, referring/exit pages, and clickstream data. This helps us analyze usage patterns and improve the Service.
  • Location Data: Approximate location derived from IP address or provided by you (e.g., for delivery or COTPA compliance checks on proximity to educational institutions).
  • Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to track user activity, remember preferences, and facilitate features like shopping carts. Some are essential for functionality; others are for analytics/marketing (e.g., Google Analytics). You can manage cookies via browser settings, but disabling may limit Site features.
  • Log Data: Server logs recording access times, errors, and security events for auditing and troubleshooting.

1.3 Information from Third Parties

  • Data from payment gateways, couriers (e.g., delivery status), or analytics providers (e.g., aggregated usage stats).
  • Social media or authentication data if you log in via third-party accounts (e.g., Google), subject to their privacy policies.

We do not collect sensitive personal data (e.g., biometric, health, or financial data beyond payments) unless necessary for Service delivery or legal compliance, and only with your explicit consent where required under SPDI Rules or DPDP Act.

2. HOW WE USE YOUR INFORMATION

We use your personal information for legitimate business purposes and only as permitted by Applicable Laws, including with your consent where required. Primary uses include:

  • Providing the Service: Processing orders, verifying age/location for tobacco sales (COTPA compliance), managing accounts, facilitating payments, and delivering products.
  • Customer Support: Responding to inquiries, resolving disputes, and handling grievances via our designated officer.
  • Compliance and Legal Obligations: Verifying identity for age-restricted products, reporting violations (e.g., minor access attempts under COTPA), auditing for tax/GST, and responding to legal requests (e.g., from courts or authorities).
  • Marketing and Personalization: Sending promotional emails, newsletters, or targeted ads (with opt-in consent), analyzing preferences to recommend products, and improving user experience. You can opt out at any time.
  • Analytics and Improvement: Monitoring Site performance, usage trends, and feedback to enhance features, security, and content.
  • Security and Fraud Prevention: Detecting/preventing unauthorized access, fraud, or violations of Terms (e.g., resale attempts).
  • Research and Aggregated Data: Using anonymized/aggregated data for internal research or business intelligence (no personal identification).

We do not use your data for automated decision-making that significantly affects you without human oversight or your consent, as per DPDP Act.

3. HOW WE SHARE YOUR INFORMATION

We share your personal information only as necessary and with your consent (where required), or as permitted/required by Applicable Laws. Recipients include:

  • Service Providers: Third-party vendors for payment processing (e.g., CCAvenue, Razorpay, Paytm—PCI-DSS compliant), shipping/logistics (e.g., couriers like Delhivery, Blue Dart), hosting (Shopify), analytics (Google Analytics), and marketing tools. These providers are contractually bound to use data only for specified purposes and maintain confidentiality/security.
  • Legal and Regulatory Authorities: Government bodies, law enforcement, or regulators for compliance (e.g., reporting COTPA violations to DTCC/CMO, tax audits, or court orders).
  • Business Transfers: In case of merger, acquisition, or asset sale, your data may be transferred with notice and consent where feasible.
  • Affiliates and Partners: Limited sharing with affiliates for operational purposes, under similar protections.

We do not sell, rent, or trade your personal information to third parties for marketing without explicit consent. All sharing complies with DPDP Act (e.g., data fiduciary obligations) and SPDI Rules (sensitive data safeguards). For international transfers (if any, e.g., Shopify servers), we ensure adequacy through contracts or consents.

4. DATA SECURITY

We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, loss, misuse, alteration, or destruction, in compliance with SPDI Rules and DPDP Act. Measures include:

  • Encryption of sensitive data (e.g., payments via SSL/TLS).
  • Access controls, firewalls, and regular security audits.
  • PCI-DSS compliance for payment data.
  • Employee training on data protection.

However, no system is infallible; we cannot guarantee absolute security. In case of a data breach, we will notify affected users and authorities as required under Applicable Laws (e.g., DPDP Act timelines).

5. DATA RETENTION

We retain your personal information only as long as necessary for the purposes outlined in this Policy, or as required by Applicable Laws (e.g., 5–7 years for tax/GST records). Account data is retained while active; inactive accounts may be deleted after 2 years. Anonymized data may be kept indefinitely for analytics. Upon request or account closure, we delete or anonymize data, subject to legal obligations.

6. YOUR RIGHTS AND CHOICES

Under DPDP Act and other Applicable Laws, you have rights regarding your personal information, including:

  • Access and Correction: Request a copy of your data or correct inaccuracies.
  • Deletion/Erasure: Request deletion (subject to retention requirements).
  • Withdrawal of Consent: Withdraw consent for non-essential processing (e.g., marketing), which may limit Service access.
  • Portability: Request transfer of your data in a structured format.
  • Opt-Out: From marketing communications, cookies, or tracking via browser settings or "Do Not Track" signals (we honor these where feasible).
  • Complaint: Lodge grievances with our Officer or data protection authorities.

To exercise rights, contact our Grievance Officer (details below). We respond within 30 days (or as per law). Verification may be required to prevent misuse.

7. CHILDREN'S PRIVACY

Our Service is not directed to children under 18. We do not knowingly collect personal information from minors. If we discover such data, we delete it immediately. Parents/guardians discovering unauthorized use should contact us promptly.

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies for essential functions (e.g., session management), performance (analytics), and marketing (targeted ads). Categories include:

  • Essential Cookies: Required for Site operation; cannot be disabled.
  • Analytics Cookies: Track usage (e.g., Google Analytics—data anonymized).
  • Marketing Cookies: For personalized ads (with consent).

You can manage preferences via browser settings or our cookie banner. Disabling may affect functionality. We comply with IT Rules on tracking.

9. INTERNATIONAL TRANSFERS

If data is transferred outside India (e.g., to Shopify servers in the US), we ensure protection through standard contractual clauses, adequacy decisions, or your consent, per DPDP Act.

10. THIRD-PARTY PRIVACY PRACTICES

This Policy applies only to our practices. Third-party sites/links have their own policies; review them independently. We are not liable for their content or privacy practices.

11. GRIEVANCE OFFICER AND CONTACT INFORMATION

For questions, complaints, or to exercise rights under this Policy, contact our designated Grievance Officer (per E-Commerce Rules and DPDP Act):

  • Name: Sourav
  • Email: grievance@shopdop.in
  • Phone: +91-7289918991
  • Address: Basement, C-40, Sector 58, Noida, Uttar Pradesh – 201301
  • Working Hours: Monday to Friday, 10:00 AM to 6:00 PM IST

We acknowledge complaints within 48 hours and resolve within 30 days. For unresolved issues, escalate to relevant authorities (e.g., data protection board under DPDP Act).

By using the Site or Service, you acknowledge that you have read, understood, and agree to this Policy. For any updates or concerns, revisit this page regularly.